Use cargo deny to prevent onboarding certain crates (#13938)

.github/workflows/lint-test.yaml

@@ -83,6 +83,19 @@ jobs:
       - run: echo "Skipping rust lints! Unrelated changes detected."
         if: needs.file_change_determinator.outputs.only_docs_changed == 'true'
 
+  # Run cargo deny. This is a PR required job.
+  rust-cargo-deny:
+    needs: file_change_determinator
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        if: needs.file_change_determinator.outputs.only_docs_changed != 'true'
+      - uses: EmbarkStudios/cargo-deny-action@v1
+        with:
+          command: check licenses
+      - run: echo "Skipping cargo deny! Unrelated changes detected."
+        if: needs.file_change_determinator.outputs.only_docs_changed == 'true'
+
   # Run all rust smoke tests. This is a PR required job.
   rust-smoke-tests:
     needs: file_change_determinator

aptos-move/aptos-abstract-gas-usage/Cargo.toml

@@ -2,7 +2,7 @@
 name = "aptos-abstract-gas-usage"
 version = "0.1.0"
 edition = "2021"
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+license = { workspace = true }
 
 [dependencies]
 anyhow = { workspace = true }

aptos-move/aptos-gas-calibration/Cargo.toml

@@ -2,7 +2,7 @@
 name = "aptos-gas-calibration"
 version = "0.1.0"
 edition = "2021"
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+license = { workspace = true }
 
 [dependencies]
 anyhow = { workspace = true }

aptos-move/aptos-vm-benchmarks/Cargo.toml

@@ -2,7 +2,7 @@
 name = "aptos-vm-benchmarks"
 version = "0.1.0"
 edition = "2021"
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+license = { workspace = true }
 
 [dependencies]
 aptos-cached-packages = { workspace = true }

crates/aptos-dkg/Cargo.toml

@@ -2,7 +2,7 @@
 name = "aptos-dkg"
 version = "0.1.0"
 edition = "2021"
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+license = { workspace = true }
 
 [dependencies]
 anyhow = { workspace = true }

deny.toml

@@ -0,0 +1,40 @@
+# This is a configuration file for cargo deny, the tool we use to prevent accidentally
+# onboarding dependencies with licenses we don't want to use. To test this config, try
+# running a command like this:
+#
+# cargo deny check licenses --hide-inclusion-graph
+
+[licenses]
+version = 2
+allow = [
+    "Apache-2.0",
+    "Apache-2.0 WITH LLVM-exception",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "CC0-1.0",
+    "CDDL-1.0",
+    "ISC",
+    "MIT",
+    "MIT-0",
+    "MPL-2.0",
+    "OpenSSL",
+    "Unicode-DFS-2016",
+    "Unlicense",
+    "Zlib",
+]
+
+# Since the tool cannot determine the license of this crate, we need to clarify it.
+[[licenses.clarify]]
+name = "ring"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+    { path = "LICENSE", hash = 0xbd0eed23 }
+]
+
+[licenses.private]
+ignore = true
+ignore-sources = [
+    # This is for the macros crate from diesel_async_migrations. It is MIT licensed, but
+    # uses an irregular license file name.
+    "https://github.com/niroco/diesel_async_migrations"
+]

ecosystem/indexer-grpc/indexer-grpc-integration-tests/Cargo.toml

@@ -2,7 +2,7 @@
 name = "aptos-indexer-grpc-integration-tests"
 version = "0.1.0"
 edition = "2021"
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+license = { workspace = true }
 
 [dependencies]
 anyhow = { workspace = true }

testsuite/fuzzer/Cargo.toml

@@ -2,6 +2,6 @@
 name = "fuzzer"
 version = "0.1.0"
 edition = "2021"
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+license = { workspace = true }
 
 [dependencies]

third_party/move/move-model/bytecode/abstract_domain_derive/Cargo.toml

@@ -2,6 +2,7 @@
 name = "abstract-domain-derive"
 version = "0.1.0"
 edition = "2021"
+license = { workspace = true }
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html